Cipher Modes
When a block cipher is used, any one of the following cipher modes can be
specified via the
CryptSetKeyParam function. If the application does not explicitly specify one of these modes,
then the cipher block chaining (CBC) cipher mode is used.
Electronic Codebook (ECB)
When this cipher mode is used, each block is encrypted individually. No
feedback is used. This means any blocks of plaintext that are identical and are
either in the same message, or in a different message that is encrypted with the
same key, will be transformed into identical ciphertext blocks.
If the plaintext to be encrypted contains substantial repetition, then it is
feasible for the ciphertext to be broken one block at a time. Furthermore, it is
possible for an unscrupulous person to substitute and exchange individual
blocks without detection.
Initialization vectors cannot be used with this cipher mode.
If a single bit of the ciphertext block is garbled, then the entire
corresponding plaintext block will also be garbled.
Cipher Block Chaining (CBC)
This cipher mode introduces feedback. Before each plaintext block is
encrypted, it is XOR'ed with the ciphertext of the previous block. This ensures that
even if the plaintext contains many identical blocks, they will each encrypt to a
different ciphertext block.
The initialization vector is XOR'ed with the first plaintext block before the
block is encrypted.
As with the Codebook cipher mode, if a single bit of the ciphertext block is
garbled, then the corresponding plaintext block will also be garbled. In
addition, a bit in the subsequent plaintext block (in the same position as the
original garbled bit) will be garbled. Synchronization errors are fatal. If there are
extra or missing bytes in the ciphertext, the plaintext will be garbled from
that point on.
When the Microsoft RSA Base Provider is used, this is the default cipher mode.
Cipher Feedback Mode (CFB)
The cipher feedback mode lets you process small increments of plaintext into
ciphertext, instead of processing an entire block at a time. This can be is
useful, for example, when encrypting a stream of data that originates at a
keyboard. Each keystroke can be encrypted and transmitted without the need to wait for
an entire block to be typed.
This mode uses a shift register which is one block size in length and divided
up into sections. For example, if the block size is 64 bits with 8 bits
processed at a time, then the shift register would be divided up into 8 sections.
This is the procedure for each encryption cycle:
- The block in the shift register is encrypted normally.
- The leftmost 8 bits in the encrypted shift register are XOR'ed with the next 8
bits of plaintext and sent off as 8 bits of ciphertext.
- The shift register is shifted 8 bits to the left.
- The 8 bits of ciphertext generated in step 2 is placed in the rightmost 8 bits
of the shift register.
In CryptoAPI, the number of bits processed at one time is specified by setting
the encryption key's KP_MODE_BITS parameter using the
CryptSetKeyParam function. This parameter typically defaults to 8.
Depending on the value of the KP_MODE_BITS parameter, this cipher mode is
substantially slower than the Cipher Block Chaining mode. For example, if the block
size is 64 bits with 8 bits are processed at a time, this cipher mode is 64/8
or 8 times slower.
Before the encryption process begins, the shift register is filled with the
initialization vector.
If a bit in the cipher text is garbled, one plaintext bit is garbled and the
shift register is corrupted. This results in the next several plaintext blocks
being garbled until the bad bit is shifted out of the shift register. In the
preceding example, 9 bytes of plaintext would be garbled. This is the same amount
of error propagation as with the Cipher Block Chaining mode. Synchronization
errors are not fatal, provided that the slip is a multiple of KP_MODE_BITS. Thus,
if KP_MODE_BITS is 8 and there are extra or missing bytes from the ciphertext,
then 9 bytes of plaintext are garbled and the plaintext will have the same
number of extra or missing bytes.
Output Feedback Mode (OFB)
This mode is similar to the cipher feedback mode. The only difference between
the two modes is how the shift register is filled.
The output feedback (OFB) cipher mode uses the following encryption cycle:
- The block in the shift register is encrypted normally.
- The leftmost 8 bits in the encrypted shift register are XOR'ed with the next 8
bits of plaintext and sent off as 8 bits of ciphertext.
- The shift register is shifted 8 bits to the left.
- The leftmost 8 bits of the encrypted shift register used in step 2 is placed
in the rightmost 8 bits of the shift register.
As with the Cipher Feedback mode, the shift register is filled with the
initialization vector before the encryption process starts.
If a bit in the cipher text is garbled, the corresponding bit of plaintext
will also be garbled. This is much better than the Cipher Feedback mode. However,
synchronization errors are fatal. If there are extra or missing bits from the
ciphertext, then the plaintext will be garbled from that point on.
Note According to Gait (see reference below), the OFB block cipher mode has a
weakness when the number of bits fed back is different than the block size. It is
thus recommended that the KP_MODE_BITS parameter be set to the block size when
this cipher mode is used.
- J. Gait, "A New Nonlinear Pseudorandom Number Generator," IEEE Transactions on Software Engineering, v. SE-3, n. 5, Sep 1977, pp. 359-363.
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database